Director of Product Security

Job Description As the Director of Product Security at Qualys, you will lead a team of engineers and product security architects to enhance the security posture and maturity of the products developed and delivered by the company. Your role is crucial in ensuring the security of Qualys' products, services, and infrastructure while fostering innovation and agility in the development lifecycle. **Key Responsibilities:** - **Leadership and Strategy:** - Lead and mentor a team of Security Engineers and Security Architects to promote a culture of innovation and collaboration. - Develop strategies to enhance product security maturity across a portfolio of products. - Conduct security architecture reviews, threat modeling, and requirements publication. - Collaborate with cross-functional teams to integrate security into the development lifecycle effectively. - Partner with Threat & Vulnerability management teams, Security Operations, and Governance, Risk, and Compliance leads. - **Program Management:** - Enhance and scale the existing product security program, including Secure Software Development Lifecycle (SDLC) and security standards. - Develop capabilities aligned with security maturity models such as OWASP SAMM, NIST SSDF, and/or BSIMM. - Support the Product Security Incident Response Team (PSIRT) programs and processes. - **Security Engineering and Innovation:** - Work with engineering teams to develop solutions addressing product security issues at scale. - Design security architectures and technical controls to improve the Secure by Design experience. - Oversee the development of a Security Design Library and security standards. - **Risk Management and Compliance:** - Collaborate with Compliance teams to align with security standards and frameworks. - Author findings, improvement recommendations, risk registry issues, and develop business intelligence on product security risks. **Qualifications:** - **Experience:** - 10 years in application security with a focus on SaaS platforms. - 5 years in engineering with leadership experience. - 5 years in a management role. - **Technical Skills:** - Expertise in web application security and secure software development practices. - Proficiency in delivering threat models, design reviews, and security assessments. - Hands-on experience with modern development practices and technologies. - **Leadership Skills:** - Proven ability to build and lead high-performing teams. - Strong stakeholder management and communication skills. This is an opportunity to lead a critical function at Qualys, protect billions of people's daily activities, and work with a creative and growing team. The role offers a competitive salary, benefits, performance bonuses, and equity options. As the Director of Product Security at Qualys, you will lead a team of engineers and product security architects to enhance the security posture and maturity of the products developed and delivered by the company. Your role is crucial in ensuring the security of Qualys' products, services, and infrastructure while fostering innovation and agility in the development lifecycle. **Key Responsibilities:** - **Leadership and Strategy:** - Lead and mentor a team of Security Engineers and Security Architects to promote a culture of innovation and collaboration. - Develop strategies to enhance product security maturity across a portfolio of products. - Conduct security architecture reviews, threat modeling, and requirements publication. - Collaborate with cross-functional teams to integrate security into the development lifecycle effectively. - Partner with Threat & Vulnerability management teams, Security Operations, and Governance, Risk, and Compliance leads. - **Program Management:** - Enhance and scale the existing product security program, including Secure Software Development Lifecycle (SDLC) and security standards. - Develop capabilities aligned with security maturity models such as OWASP SAMM, NIST SSDF, and/or BSIMM. - Support the Product Security Incident Response Team (PSIRT) programs and processes. - **Security Engineering and Innovation:** - Work with engineering teams to develop solutions addressing product security issues at scale. - Design security architectures and technical controls to improve the Secure by Design experience. - Oversee the development of a Security Design Library and security standards. - **Risk Management and Compliance:** - Collaborate with Compliance teams to align with security standards and frameworks. - Author findings, improvement recommendations, risk registry issues, and develop business intelligence on product security risks. **Qualifications:** - **Experience:** - 10 years in application security with a focus on SaaS platforms. - 5 years in engineering with leadership experience. - 5 years in a management role. - **Technical Skills:** - Expertise in web application security and secu